gws-sheets
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'gws' command-line tool to perform Google Sheets operations. This tool is a prerequisite defined in the skill metadata and is associated with the vendor's infrastructure.
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection by reading values from external spreadsheets.
- Ingestion points: Data is read from spreadsheets via the 'values' resource as described in SKILL.md.
- Boundary markers: No specific delimiters or instructions are provided to separate spreadsheet data from the agent's system prompt.
- Capability inventory: The skill enables the execution of 'gws sheets' commands, including writing to spreadsheets.
- Sanitization: The skill does not specify any sanitization or validation of the content retrieved from Sheets.
Audit Metadata